Reverse Shai-Hulud: Supply chain compromise impacts @antv packages
ID: 03d78355-0381-5f2b-a591-7692573347a4
STIX ID: report--03d78355-0381-5f2b-a591-7692573347a4
Feed Name: ThreatLocker Blog
The report documents an active, large-scale npm supply-chain worm dubbed "Mini Shai-Hulud" that was deployed through compromised @antv packages, infecting hundreds of packages and more than 600 published versions. The payload harvests CI/CD and developer secrets (npm and GitHub tokens, AWS and Docker credentials, SSH keys, .env files), exfiltrates them over HTTPS and through public GitHub repositories, propagates by abusing the stolen npm publishing credentials, and establishes persistence, including destructive dead-man switches. The report includes detailed IOCs, payload markers, and mitigation guidance, which it recommends testing and applying in controlled environments before rolling out to production.
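The summary above names the affected scope (@antv) and says the report carries package/version IOCs, but the IOCs themselves are not reproduced on this page. The following is an added example, not code from the ThreatLocker report, of the triage check a defender would run first: enumerate every @antv package pinned in a project's package-lock.json, compare each name@version against a blocklist filled from the report's IOCs, and flag any installed package that declares an install-time lifecycle script (preinstall, install, postinstall), since that is where an npm package gets code execution on a developer or CI machine. The blocklist entry, the package names, and the lockfile contents below are all constructed placeholders for illustration, not real indicators; the lockfile layout assumed is npm lockfileVersion 2 or 3, where the `packages` map is keyed by node_modules path.

```javascript
// Added example (not from the ThreatLocker report): audit an npm lockfile and
// the installed packages' package.json files for @antv packages.
// 1) version-on-blocklist check, 2) install-time lifecycle script check.

const SCOPE = '@antv';

// Lifecycle scripts that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Placeholder blocklist: package name -> Set of compromised versions.
// ASSUMPTION: this entry is invented for the example; replace it with the
// package/version IOCs published in the report.
const BLOCKLIST = {
  '@antv/example-pkg': new Set(['9.9.9']),
};

// Walk a lockfileVersion 2/3 "packages" map and return every installed
// package in the given scope, deduplicated by name@version. Nested installs
// (node_modules/foo/node_modules/@antv/bar) are handled by taking the last
// "node_modules/" segment as the package name.
function findScopedPackages(lockfile, scope = SCOPE) {
  const seen = new Set();
  const found = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // root project entry ('') or non-package key
    const name = path.slice(idx + 'node_modules/'.length);
    if (!name.startsWith(scope + '/') || !entry.version) continue;
    const key = `${name}@${entry.version}`;
    if (seen.has(key)) continue;
    seen.add(key);
    found.push({ name, version: entry.version, path });
  }
  return found;
}

// Return the names of install-time hooks declared in a package.json.
function installScriptsOf(pkgJson) {
  const scripts = (pkgJson && pkgJson.scripts) || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === 'string');
}

// Combine both checks. `packageJsons` maps lockfile path -> parsed package.json
// (in a real run, read `${path}/package.json` from disk for each found entry).
function audit(lockfile, packageJsons, blocklist = BLOCKLIST) {
  const findings = [];
  for (const pkg of findScopedPackages(lockfile)) {
    const reasons = [];
    const bad = blocklist[pkg.name];
    if (bad && bad.has(pkg.version)) reasons.push('version on blocklist');
    const hooks = installScriptsOf(packageJsons[pkg.path]);
    if (hooks.length) reasons.push(`install hook(s): ${hooks.join(', ')}`);
    if (reasons.length) findings.push({ ...pkg, reasons });
  }
  return findings;
}

// Constructed sample input: a trimmed lockfile with three @antv entries and
// the package.json files they would resolve to. None of these names or
// versions are real indicators.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@antv/example-pkg': { version: '9.9.9' },
    'node_modules/@antv/clean-pkg': { version: '1.2.3' },
    'node_modules/@antv/hooked-pkg': { version: '2.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
  },
};

const SAMPLE_PACKAGE_JSONS = {
  'node_modules/@antv/example-pkg': { name: '@antv/example-pkg', version: '9.9.9' },
  'node_modules/@antv/clean-pkg': {
    name: '@antv/clean-pkg', version: '1.2.3', scripts: { build: 'tsc' },
  },
  'node_modules/@antv/hooked-pkg': {
    name: '@antv/hooked-pkg', version: '2.0.0', scripts: { postinstall: 'node setup.js' },
  },
};

for (const f of audit(SAMPLE_LOCKFILE, SAMPLE_PACKAGE_JSONS)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join('; ')}`);
}
```

Two findings come out of the sample: the blocklisted version and the package with a postinstall hook. A hook by itself is not proof of compromise (many legitimate packages build native code at install time), so treat the second class of finding as a review queue, and run the audit with `npm ci --ignore-scripts` in place on CI runners until the flagged versions are confirmed clean or pinned away.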
